ansible · ssbarnea · Jan 17, 2025
@@ -1,17 +1,17 @@
 # Special order section for helping pip:
 will-not-work-on-windows-try-from-wsl-instead; platform_system=='Windows'
-ansible-core>=2.13.0 # GPLv3
+ansible-core>=2.14.0 # GPLv3
 ansible-compat>=24.10.0 # GPLv3
 # alphabetically sorted:
 black>=24.3.0 # MIT (security)
-filelock>=3.3.0 # The Unlicense
+filelock>=3.8.2 # The Unlicense
 importlib-metadata # Apache
 jsonschema>=4.10.0 # MIT, version needed for improved errors
-packaging>=21.3 # Apache-2.0,BSD-2-Clause
+packaging>=22.0 # Apache-2.0,BSD-2-Clause
 pathspec>=0.10.3 # Mozilla Public License 2.0 (MPL 2.0)
-pyyaml>=5.4.1 # MIT (centos 9 has 5.3.1)
+pyyaml>=6.0.2 # MIT (compilation probles with older versions)
 ruamel.yaml>=0.18.5,!=0.18.7,!=0.18.8 # MIT
 subprocess-tee>=0.4.1 # MIT, used by ansible-compat
-yamllint >= 1.30.0 # GPLv3
+yamllint >= 1.34.0 # GPLv3
 wcmatch>=8.1.2; python_version < '3.12' # MIT
 wcmatch>=8.5.0; python_version >= '3.12' # MIT
@@ -1,18 +1,18 @@
 # This file is kept in a different directory than .config in order to not be
 # automatically updated by dependabot. This should be kept in sync with
 # minimal requirements configured inside .config/requirements.in
-ansible-core==2.13.0
-ansible-compat==24.5.1 # GPLv3
+ansible-core==2.14.0
+ansible-compat==24.10.0 # GPLv3
 black==24.3.0 # MIT (security)
-filelock==3.3.0 # The Unlicense
+filelock==3.8.2 # The Unlicense
 jsonschema==4.10.0 # MIT, version needed for improved errors
-packaging==21.3
+packaging==22.0
 pathspec==0.10.3
-pyyaml==5.4.1
+pyyaml==6.0.2
 ruamel.yaml==0.18.5 # MIT
 subprocess-tee==0.4.1 # MIT, used by ansible-compat
 # https://packages.ubuntu.com/noble/python3-wcmatch
 # https://packages.fedoraproject.org/pkgs/python-wcmatch/python3-wcmatch/
 wcmatch==8.1.2; python_version < '3.12' # EPEL 8
 wcmatch==8.5.0; python_version >= '3.12'
-yamllint == 1.30.0
+yamllint == 1.34.0
@@ -0,0 +1 @@
+secret123
@@ -1,2 +1,4 @@
 [defaults]
 collections_path = collections:examples/playbooks/collections
+# to avoid accidental use of vault from user environment:
+vault_password_file = .vault_pass
@@ -24,7 +24,7 @@
     "url": "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/inventory.json"
   },
   "meta": {
-    "etag": "33b882f8306af33fd7983a5a837308926d2d862903404b9eea71a73e8b37eb38",
+    "etag": "6d6a0bc70042a1ad7341ae6b0de05136a1ebba521ee7ab3972c1a2574ff7d2c6",
     "url": "https://raw.githubusercontent.com/ansible/ansible-lint/main/src/ansiblelint/schemas/meta.json"
   },
   "meta-runtime": {

@@ -96,17 +96,17 @@ def test_spdx() -> None:
         schema = json.load(f)
         spx_enum = schema["$defs"]["SPDXLicenseEnum"]["enum"]
     if set(spx_enum) != license_ids:
-        # In absence of a
-        if os.environ.get("PIP_CONSTRAINT", "/dev/null") == "/dev/null":
+        constraints = os.environ.get("PIP_CONSTRAINT", "/dev/null")
+        if constraints.endswith(".config/constraints.txt"):
             with galaxy_json.open("w", encoding="utf-8") as f:
                 schema["$defs"]["SPDXLicenseEnum"]["enum"] = sorted(license_ids)
                 json.dump(schema, f, indent=2)
             pytest.fail(
-                "SPDX license list inside galaxy.json JSON Schema file was updated.",
+                f"SPDX license list inside galaxy.json JSON Schema file was updated. {constraints}",
             )
         else:
             warnings.warn(
-                "test_spdx failure was ignored because constraints were not pinned (PIP_CONSTRAINTS). This is expected for py310 and py-devel jobs.",
+                f"test_spdx failure was ignored because constraints were not pinned (PIP_CONSTRAINT={constraints}). This is expected for py310 and py-devel, lower jobs.",
                 category=pytest.PytestWarning,
                 stacklevel=1,
             )
@@ -70,7 +70,11 @@ setenv =
   COVERAGE_FILE = {env:COVERAGE_FILE:{envdir}/.coverage.{envname}}
   COVERAGE_PROCESS_START={toxinidir}/pyproject.toml
   PIP_CONSTRAINT = {toxinidir}/.config/constraints.txt
-  devel,pkg,pre,py310: PIP_CONSTRAINT = /dev/null
+  UV_CONSTRAINT = {toxinidir}/.config/constraints.txt
+  devel,pkg,pre,py310,lint,hook,deps,schemas: PIP_CONSTRAINT = /dev/null
+  devel,pkg,pre,py310,lint,hook,deps,schemas: UV_CONSTRAINT = /dev/null
+  lower: PIP_CONSTRAINT = {toxinidir}/.github/lower-constraints.txt
+  lower: UV_CONSTRAINT = {toxinidir}/.github/lower-constraints.txt
   PIP_DISABLE_PIP_VERSION_CHECK = 1
   PRE_COMMIT_COLOR = always
   # Number of expected test passes, safety measure for accidental skip of
@@ -108,23 +112,15 @@ commands =
 passenv =
   {[testenv]passenv}
   PRE_COMMIT_HOME
-setenv =
-  {[testenv]setenv}
-  # avoid messing pre-commit with out own constraints
-  PIP_CONSTRAINT=
 
 [testenv:lower]
 description = Install using lower-constraints.txt file for testing oldest versions.
-setenv =
-  PIP_CONSTRAINT = {toxinidir}/.github/lower-constraints.txt
 
 [testenv:hook]
 description = Validate pre-commit hook definition
 deps = pre-commit
 commands =
   ./tools/test-hook.sh
-setenv =
-  PIP_CONSTRAINT=/dev/null
 
 [testenv:deps]
 description = Bump all test dependencies
@@ -134,9 +130,6 @@ skip_install = true
 basepython = python3.10
 deps =
   {[testenv:lint]deps}
-setenv =
-  # without his upgrade would likely not do anything
-  PIP_CONSTRAINT = /dev/null
 commands_pre =
 commands =
   -pre-commit run --all-files --show-diff-on-failure --hook-stage manual lock
@@ -178,9 +171,6 @@ commands =
 description = Rebuild and test JSON Schemas
 deps =
   check-jsonschema>=0.26.3
-setenv =
-  # without this upgrade would likely not do anything
-  PIP_CONSTRAINT = /dev/null
 skip_install = true
 changedir = test/schemas
 commands_pre =